//! Note Commitment Trees.
//!
//! A note commitment tree is an incremental Merkle tree of fixed depth
//! used to store note commitments that JoinSplit transfers or Spend
//! transfers produce. Like the unspent transaction output set (UTXO
//! set) used in Bitcoin, it is used to express the existence of value and
//! the capability to spend it. However, unlike the UTXO set, it is not
//! the job of this tree to protect against double-spending, as it is
//! append-only; spent notes are tracked separately, by the nullifier set.
//!
//! A root of a note commitment tree is associated with each treestate.
#![allow(clippy::unit_arg)]
#![allow(dead_code)]
use std::{fmt, io};
use bitvec::prelude::*;
#[cfg(test)]
use proptest_derive::Arbitrary;
use crate::serialization::{SerializationError, ZcashDeserialize, ZcashSerialize};
use super::commitment::pedersen_hashes::pedersen_hash;
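/// MerkleCRH^Sapling hash function.
///
/// Hashes a layer prefix followed by the `left` and `right` inputs:
///
/// MerkleCRH^Sapling(layer, left, right) := PedersenHash("Zcash_PH", l || left || right)
/// where l = I2LEBSP_6(MerkleDepth^Sapling − 1 − layer)
///
/// <https://zips.z.cash/protocol/protocol.pdf#merklecrh>
///
/// # Panics
///
/// Panics if `layer` is greater than 31. The prefix is computed as
/// `31 - layer`; an out-of-range layer would otherwise wrap in release
/// builds and silently feed a wrong prefix into the hash.
// TODO: refine layer as a wrapper type around a bitvec/bitslice?
// TODO: refine output type as *NodeHash, combine with RootHash
fn merkle_crh_sapling(layer: u8, left: [u8; 32], right: [u8; 32]) -> jubjub::Fq {
    let mut s: BitVec<Lsb0, u8> = BitVec::new();

    // Prefix: l = I2LEBSP_6(MerkleDepth^Sapling − 1 − layer)
    let l = 31u8
        .checked_sub(layer)
        .expect("layer must be at most 31 (MerkleDepth^Sapling - 1)");

    // I2LEBSP_6 is a six-bit, least-significant-bit-first encoding. The
    // `bitvec![value; 1]` form repeats a single bit once, so it appended one
    // bit (set when the value is nonzero) instead of the six-bit prefix.
    for bit_index in 0..6 {
        s.push((l >> bit_index) & 1 == 1);
    }

    // NOTE(review): both inputs are appended as full 256-bit strings; confirm
    // against the protocol specification whether the hashed node encoding is
    // meant to be 255 bits wide before relying on this for consensus.
    s.append(&mut BitVec::<Lsb0, u8>::from_slice(&left[..]));
    s.append(&mut BitVec::<Lsb0, u8>::from_slice(&right[..]));

    pedersen_hash(*b"Zcash_PH", &s)
}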
/// Position of a note commitment among the leaves of its Note Commitment
/// Tree, i.e. its index at the leafmost layer.
///
/// <https://zips.z.cash/protocol/protocol.pdf#merkletree>
pub struct Position(pub(crate) u64);
// XXX: Depending on whether we implement SproutNoteCommitmentTree or
// similar, it may be worth defining a NoteCommitmentTree trait.
/// The Sapling note commitment tree.
///
/// This is currently a unit struct: it carries no tree state, and the
/// methods and trait impls defined on it in this file are stubs.
#[derive(Clone, Debug, Default, Eq, PartialEq)]
#[cfg_attr(test, derive(Arbitrary))]
struct SaplingNoteCommitmentTree;
/// Root node hash of the Sapling note commitment tree.
///
/// Holds the LEBS2OSP256(rt) encoding of the root of the Sapling note
/// commitment tree that corresponds to the final Sapling treestate of
/// this block. Every treestate has an associated note commitment tree
/// root.
//
// NOTE(review): the inner array is `pub` and the type derives `Default`
// and `Deserialize`, so a `Root` can be built from any 32 bytes. Nothing
// visible here ties the value to a computed tree root; that check has to
// happen where the root is consumed.
#[derive(Clone, Copy, Default, Eq, PartialEq, Serialize, Deserialize)]
#[cfg_attr(test, derive(Arbitrary))]
pub struct Root(pub [u8; 32]);
impl fmt::Debug for Root {
    /// Formats the root as a `Root` tuple whose single field is the hex
    /// encoding of the 32 bytes, rather than a list of integers.
    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
        let hex_root = hex::encode(&self.0);
        let mut tuple = f.debug_tuple("Root");
        tuple.field(&hex_root);
        tuple.finish()
    }
}
impl From<SaplingNoteCommitmentTree> for Root {
    /// Converts a Sapling note commitment tree into its root hash.
    ///
    /// # Panics
    ///
    /// Always panics at present: the conversion is an unimplemented stub.
    fn from(_tree: SaplingNoteCommitmentTree) -> Self {
        // TODO: The Sapling note commitment tree requires a Pedersen hash
        // function, not SHA256. An earlier sketch here serialized the tree
        // into a `Sha256dWriter` and wrapped the digest; it must not be
        // revived as-is.
        //
        // NOTE(review): `From` conversions are normally expected not to
        // fail, so this stub has to stay unreachable until the real root
        // computation is in place.
        unimplemented!()
    }
}
impl SaplingNoteCommitmentTree {
    /// Returns the Jubjub-based Pedersen hash of the root node of this
    /// Merkle tree of note commitments.
    ///
    /// # Panics
    ///
    /// Always panics at present: the method is an unimplemented stub.
    pub fn hash(&self) -> [u8; 32] {
        unimplemented!()
    }
}
impl ZcashSerialize for SaplingNoteCommitmentTree {
    /// Serializes the tree to `_writer`.
    ///
    /// # Panics
    ///
    /// Always panics at present: serialization is an unimplemented stub and
    /// nothing is written.
    fn zcash_serialize<W: io::Write>(&self, _writer: W) -> Result<(), io::Error> {
        unimplemented!()
    }
}
impl ZcashDeserialize for SaplingNoteCommitmentTree {
    /// Deserializes a tree from `_reader`.
    ///
    /// # Panics
    ///
    /// Always panics at present: deserialization is an unimplemented stub
    /// and nothing is read.
    //
    // NOTE(review): presumably `_reader` can carry peer-supplied bytes; if
    // so, a reachable call is a crash on untrusted input rather than a
    // `SerializationError`. Confirm the stub stays unreachable until it is
    // implemented.
    fn zcash_deserialize<R: io::Read>(_reader: R) -> Result<Self, SerializationError> {
        unimplemented!()
    }
}